Opened 8 years ago

Closed 8 years ago

Last modified 7 years ago

#3541 closed defect (implemented)

Decide on prop171 isolation properties for tunneled dir conns, controller-launched resolves

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: 0.2.3.x-final
Component: Core Tor/Tor Version:
Severity: Keywords: tor-client
Cc: Actual Points:
Parent ID: #1865 Points:
Reviewer: Sponsor:

Description

Proposal 171 specifies the right way to isolate streams that arrive over (socks/trans/natd/dns)port. But there are streams that originate inside Tor. Specifically, these are resolve requests launched by the controller, and tunneled directory connections.

As it stands, we already set some of their isolation fields, but not all. In particular, tunneled directory connections have:

  • ClientAddr set to unspec
  • DestPort set to the directory port
  • DestAddr set to the directory's IP
  • ClientProtocol set to (0,0), which matches no client connection
  • SocksAuth unset.
  • SessionGroup set to 0.
  • NymEpoch unset.
  • No isolation flags set.

and controller-launched dns connections have:

  • ClientAddr unset.
  • DestPort unset
  • DestAddr set to the thing we'reresolving.
  • ClientProtocol set to (0,0), which matches no client connection
  • SocksAuth unset.
  • SessionGroup set to 0.
  • NymEpoch unset.
  • No isolation flags set.

Some of these are reasonable; some are not. We need to decide which are which.

Child Tickets

Change History (5)

comment:1 Changed 8 years ago by nickm

So, here's what I think we think based on IRC conversations.

Anonymized directory connections should be isolated from *everything*, including each other. This will need a new internal-use-only IsolateStreams option or something.

One-hop directory connections should be fully intermixable, but isolated from *everything else*. Let's do this by giving them only the IsolateSessionGroup flag, and a unique session group that nothing else shares.

comment:2 Changed 8 years ago by nickm

Status: newneeds_review

Absent a better rationale, I'm calling the controller-launched resolves isolated from everything but each other.

This stuff is now implemented in my prop171 branch.

comment:3 Changed 8 years ago by nickm

Resolution: implemented
Status: needs_reviewclosed

comment:4 Changed 7 years ago by nickm

Keywords: tor-client added

comment:5 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.